2017 BEST PRACTICEs CONFERENCES SERIES - BOOK YOUR PLACE TODAY!Other Events
EUROPE, Middle EAST & AFRICASTARTS IN:
NORTH and south americasSTARTS IN:
ORLANDO, FL USA
asia pacificSTARTS IN:
KOTA KINABALU, MALAYSIA
Pindrop Security - ContactCenterWorld.com Blog
Page: 1 | 2
Citizens expect to be able to contact their government agencies over the phone. Even though contact center representatives are trained to look out for red flags and call characteristics associated with fraud, the lack of multi-layered authentication, the use of social engineering, and the exploitation of the black market enables fraudsters to gain access to a multitude of classified information.
“Are you really who you say you are?”
Agencies are taking advantage of the advent of online services, which simultaneously removed many of the barriers linked with face-to-face contact. The lack of multi-layered authentication in current systems allows fraudsters in the public sector to use stolen identities and information to benefit from public assistance programs like Medicaid and food stamps. Fraudsters constantly change their approach with advances in technology; however, and the government is struggling to keep up.
Security is key in combating fraud, and in recent years, legislation and other forms of guidance have been set in place to recognize the importance of multi-layered authentication for cybersecurity. These efforts have been employed at the federal level by the Office of Management and Budget (OMB), National Security Council (NSC), and Department of Homeland Security (DHS). Fraudsters work hard to break down the integrity of federal programs, which can be attributed to the decline of public trust in government.
Five Main Concerns:
Publish Date: May 24, 2017 5:00 AM
Throughout 2016, Pindrop analyzed more 700 million phone calls – many of them coming from companies that receive more than 40 million calls per year. Phone fraud has increased 113% cross-industry from 1 in every 2,000 calls in 2015 to 1 in every 937 calls in 2016. While all industries are experiencing increased fraud rates, retail stands out with 1 in every 491 incoming calls being fraudulent – a dramatic increase from 1 in every 1000 for 2015. This number exceeds the amount of calls coming into the call centers of credit card issuers, banks, and insurance companies – 1 in 832, 1 in 867, and 1 in 4,700, respectively.
“It’s a wild west out there,” says David Dewey, Director of Research at Pindrop.
Why is retail being targeted?
Retailers’ existing security systems are not robust or secure enough to handle the increasing volume of data filtering across web-enabled devices and processes. A digitally-influenced retail experience may enable brands to conduct business from a variety of access points, but it also allows criminals to take a multi-faceted approach to acquiring customer data.
Why are fraudsters redirecting their attacks to the call center?
With the rollout of EMV technology and improved security measures online, fraudsters have redirected their attacks to the phone channel – the weakest link in security. Call center agents often fall victim to these attacks because they are focused on administering quality customer service rather than detecting and preventing fraud. 61% of fraud can be traced back to the call center. The root cause of fraud loss, the call center, is often misdiagnosed by retailers, enabling fraud in other channels, such as debit card, credit card, and check order takeover – online fraud that occurs as soon as credentials are reset by call center agents.
Organized fraud rings use information acquired from data breaches and social websites to successfully impersonate customers and get through security questions. Because these questions are designed to allow legitimate users to easily access their accounts, call center agents don’t immediately assume these are illegitimate callers. On average, these fraudsters call in five times attempting to make changes to a victim’s account, such as the associated email address or physical address, in order to gain control.
Publish Date: May 10, 2017 5:00 AM
Martin Dodd, Managing Director, Connect, Lloyds Banking Group
With the spotlight remaining on the evolving threat of online fraud, phone fraud is an area that is often overlooked. It is, however, an area where fraudsters, aided by new technology, still look for opportunities.
Smarter thinking, collaboration and using innovation are helping organisations to stay a step ahead. We recently announced that we are implementing Pindrop’s patented Phoneprinting™ technology to help further protect our customers against potential fraudsters. The technology allows our contact centre colleagues to be in a better position to identify the authenticity of a caller, and therefore provide a better experience for the millions of customers who call us every day.
The science behind Phoneprinting
How it works is really impressive, identifying in real-time 147 unique characteristics of a call as it comes in and then using this insight to calculate a risk score. The risk score helps our colleagues to decide whether a caller is legitimate or a potential fraudster. We can then adapt the questions that we need to ask to verify and authenticate it’s a genuine customer that we are speaking to.
We’re always looking to be on the front foot where potential fraudsters are concerned and we know that we need to apply a number of different layers of detection and prevention. Technology like Pindrop’s Phoneprinting gives us an additional level of reassurance that we are detecting potential fraudsters faster and are therefore improving the experience for genuine customers with quicker authentication and shorter call times.
Development and expansion
Publish Date: April 13, 2017 5:00 AM
You’d think that the signs of ageing are obvious. Grey hairs, wrinkles and fading eyesight. But, as a study by Pindrop points out, it’s also your voice that can change.
With the growing use of voice recognition as a way to identify and authenticate callers, there has been a real need to make sure that businesses using this technology are doing so accurately. False readings not only hinder the customer experience, they can also open the door for fraudsters. Age, it turns out, can be a huge factor here.
A changing voice
Pindrop’s recent two-year study into voice ageing analysed 122 people, including native English, Dutch, German, Spanish and Italian speakers. It found that the expected error rate (EER) of positively identifying a speaker increased as time passed and the survey sample aged. In fact, in the study, the EER almost doubled over the course of the two-year period. It demonstrates that organisations who depend on voice biometric technology may find it very difficult to authenticate a person on voice alone, especially if they are an infrequent caller, as time passes.
The research also revealed that other factors, besides age, can lead to a change in voice. Dr. Elie Khoury, the principal researcher in the study, says that a person’s emotional state, stress levels, health and vocal effort can affect the pitch and speed of their voice, and therefore the accuracy of identification. What’s more, someone calling from a mobile phone in a rural part of Germany will sound different from someone calling from a landline in Berlin – a subtle difference that may not always be picked up by standard voice biometric technology.
Finally, the research suggests that people’s voices age uniquely at different rates. Which means that there is no one accepted factor that can be applied to take ageing into account. This finding highlights one of the key flaws of voice biometrics: it’s trouble with adapting to voice variation. Because unlike irises or fingerprints, which stay the same over the course of a person’s life, a changing voice can directly affect the accuracy of acceptances or rejections.
“Voice biometrics aren’t accurate enough on their own,” Khoury says. “You have to add other factors like spoofing detection and Phoneprinting™.”
Hear this out
Publish Date: April 10, 2017 5:00 AM
While the retail experience is becoming increasingly omnichannel, retailers are still neglecting the phone channel, the weakest link in security, as a common point of access for customers. Despite the intent to administer positive customer experiences, call center agents often fall victim to the methods that enable fraud attacks.
Top 5 Threats
- 61% of fraud can be traced back to the call center. The root cause of fraud loss, the call center, is often misdiagnosed by retailers, enabling fraud in other channels, such as debit card, credit card, and check order takeover — online fraud that occurs as soon as credentials are reset by call center agents.
- Retailers in the United States lost $60 billion to fraud in 2015 mostly due to increased chargeback fees coming from card-not-present (CNP) transactions. Fraudsters place orders using stolen credit card credentials, not only costing the retailer the price of the stolen merchandise, but also raising operational costs and increasing chargeback fees.
- One out of every 1000 calls into retail call centers is fraud-related. Retail is now the #1 target of cyberattacks, surpassing financial institutions, where one out of every 2,650 calls is fraud-related.
- One out of every 300 calls related to “fencible” retail products is a fraud-related call. Fraudsters especially like to target “fencible goods,” expensive, popular items easily resold on the black market.
- Fraud loss for retailers averages $3.4 million annually. Instead of using social engineering to gain access to money in an account, fraudsters target retailers by placing orders for material goods over the phone.
These fraud attacks increase operational costs, decrease customer satisfaction, and jeopardize brand reputation as customer data is repeatedly lost to fraud. Retailers’ existing security systems are not robust or secure enough to handle the increasing volume of data filtering across web-enabled devices and processes. A digitally-influenced retail experience may enable brands to conduct business from a variety of access points, but it is also putting their enterprises under siege.
On April 19, 1:00pm-2:00pm, Pindrop’s Director of Fraud Prevention and Strategy, Shawn Hall, will offer his insight into the ways that fraudsters surpass security methods and infiltrate organizations through call centers.
Publish Date: April 5, 2017 5:00 AM
PSCU, the nation’s leading credit union service organization, has partnered with Pindrop to identify and prevent call center authentication fraud. Call center fraud occurs when criminals use the phone channel to impersonate consumers to gain access to their account funds and sensitive data. PSCU is the first credit union service provider to utilize Pindrop’s proprietary platform for fighting call center authentication fraud.
“Through our partnership with Pindrop, PSCU continues to protect members by investing in risk management and advanced fraud detection solutions aimed at driving down fraud losses and improving the member’s identity authentication experience,” said Chuck Fagan, PSCU President and CEO. “The technology from Pindrop adds yet another layer of security and intelligence to our industry-leading risk management protocol to detect and prevent fraud.”
“PSCU’s fraud detection and prevention resources stopped $146 million in fraudulent transactions last year,” said Jack Lynch, PSCU SVP and Chief Risk Officer. “The partnership with Pindrop will help toughen our resistance to this emerging fraud threat in the voice channel. Our investment in new risk management technology is a key component of PSCU’s mission to support, protect and optimize every transaction we have with our Owner’s members.”
“We are excited about the partnership and we look forward to supporting PSCU’s commitment to service excellence by protecting their Owners and members against the increasing fraud threats that target call centers,” said Michael Hughes, Pindrop Vice President, Americas. “Over 61 percent of fraud starts with a phone call and the voice channel accounted for more than $10 billion in fraud last year in the U.S. PSCU is a proven leader in fraud and risk management best practices and we are proud to have the Pindrop technology as an integral component of their overall member authentication and risk management strategy.”
Pindrop’s patented technology, Phoneprinting™, analyzes 147 different factors in the audio of a phone call in order to create a unique signature that allows a fraud analyst to identify an illegitimate caller, while also determining the caller’s true geographic location, device type, and more. Unlike a phone number or a voice, this information is impossible for fraudsters manipulate. With Pindrop’s solution, customers catch over 80% of fraud calls with less than a 1% false positive rate. Contact centers are empowered with the technology necessary to stop fraud loss, reduce operations costs, protect brand reputation and compliance, and improve the customer’s overall experience.
According to Aite’s Senior Analyst, Shirley Inscoe, as large financial institutions implement anti-fraud and authentication technology like Phoneprinting™, fraudsters will move downstream and target smaller organizations, such as smaller banks and credit unions. With Pindrop, PSCU will be able to streamline the member authentication experience to enable faster issue resolution time through the voice channel. “Our Owners expect our call centers to protect them from fraudulent callers, and we must implement solutions that quickly and accurately validate incoming calls,” added Lynch. “Pindrop’s technology will help us add even more value to our fraud protection services and improve the overall member experience.”
Publish Date: March 7, 2017 5:00 AM
As the implementation of voice biometrics has become increasingly popular as a form of identification and authentication, researchers are challenged with determining how users’ voices change over time. New research shows that voices age significantly, even in the short term, making positive authentication more difficult with just voice biometrics alone.
One obstacle making the measurement of voice aging difficult is that every speaker’s voice ages uniquely and at a different rate. There is no universally accepted factor that can be applied to a known authentic recording to compensate for aging.
“Voice biometrics aren’t accurate enough on their own. You have to add other factors like spoofing detection and phoneprinting,” said Dr. Elie Khoury, a principal research scientist at Pindrop, who has conducted a long-term study on voice aging. Khoury will deliver an eye-opening presentation on his results at the RSA Conference today.
Biometrics have gained popularity in both consumer and enterprise applications for a number of reasons, specifically their trusted persistence. Most fingerprints and irises don’t change much over time, so these traits can serve as accurate long-term identifiers. But voice is different. Small changes in a user’s voice can have a direct impact on scoring models and result in false acceptances or rejections.
In a two-year study of 122 people — native speakers of English, Dutch, French, German, Spanish, and Italian — Khoury found that the expected error rate (EER) of positively identifying a given speaker increased significantly over time. In fact, the EER nearly doubled over the two-year the study. And it’s not just one trait that changes in a speaker’s voice, either.
“There’s a change in the pitch and the speed of the speech. When you compute the score, it will decrease slowly over time,” Khoury said. “That’s what’s risky for voice biometrics. The score should remain as high as possible for a match. Aging can make false detection or rejection go up over time. And the pitch will change multiple times during a lifetime.”
There also a number of additional factors, besides age, that can contribute to variances over time, including the emotional state, stress levels, health, and vocal effort of the speaker, all of which can have an effect on accurate identification, Khoury said. Compensating for these factors is the challenge for researchers looking to improve the accuracy of voice models.
Publish Date: February 17, 2017 5:00 AM
Aite Group, an independent research and advisory firm focused on business, technology, and regulatory issues, interviewed 25 executives at 18 of the top 40 largest U.S. financial institutions based on asset size in order to provide an evaluation of the current state of fraud. New research proves that contact centers are being attacked more than ever before. Aite’s Senior Analyst, Shirley Inscoe, joined Pindrop’s Director of Research, Dr. David Dewey, to discuss the growing threat of fraud in the contact center during this session.
With the rollout of EMV chip cards, fraudsters have redirected their attacks to the contact center for data mining and account takeover. Sixty-one percent of fraud can be traced back to the contact center, but it doesn’t end there – fraud is a cross-channel problem. Many enterprises fail to identify the contact center as the root cause of fraud loss, enabling fraud in others channels, such as debit card, credit card, and check order takeover. Meanwhile, fraudsters are capitalizing on this misdiagnosis and targeting the contact center as the weakest link in security.
Contact center fraud loss is expected to double from $393M to $775M by 2020. As chip cards continue to gain momentum in the United States, organized fraud rings will continue targeting the phone channel, replacing traditional counterfeit card fraud. Current authentication factors in the contact center often fail due to the data fraudsters acquire through social engineering tactics in order to reset account credentials. Armed with data, organized fraud rings probe agents at enterprises for the information they need to access customer funds, and the point of least resistance is often the contact center.
Publish Date: November 30, 2016 5:00 AM
The wealth of information housed by contact centers can be leveraged by fraudsters for data mining and cross-channel attacks. In an effort to prevent phone fraud, many businesses implement authentication methods; however, most fail to administer the authentication required to provide a layered defense system. As social engineering and fraud technologies have become more advanced, standard authentication methods have proven to become less sufficient. “You have to assume the criminals can get through one layer [of authentication]; they can get through two, they can even get through three,” says Avivah Litan, Vice President with the consultancy Gartner. “But if you have multiple layers, up to five, and you’re continuously authenticating that user and continuously looking at their activities against their profile, you should be in pretty good shape.”
Multiple layers of security allow organizations to meet regulatory requirements and effectively safeguard customer data. Knowledge-based authentication (KBA), has served as a standard authentication method for years; however, 10-15% of KBA fails entirely, proving that authentication requires another layer of security in order to ensure data protection. A layered approach to authentication starts with “protecting the endpoint, trying to secure the browser, going all the way up to looking at the navigation, building profiles of users and accounts and looking for anomalies, doing that across channels,” says Litan. This kind of identity assessment analyzes endpoint and user data, metadata, and ehavior as it identifies linkages across and between entities.
Publish Date: September 28, 2016 5:00 AM
Fraud poses a substantial risk to the integrity of federal programs and weakens the public’s trust in government. Though government agencies have made great strides in online security over the past few years, they have neglected to implement similar protections for the phone channel.
Fraudsters commonly use the call center as a first step in launching a fraud attack. By impersonating a citizen over the phone, fraudsters are able to gather private financial or personal information. Agencies that hold significant amounts of personal data, like the IRS and Social Security Administration, are particularly at risk.
Today, too many government agencies are relying on outdated Knowledge Based Authentication (KBA) questions as their primary form of security over the phone channel. These questions are ineffective at stopping fraudsters, as recent data breaches have flooded the black market with the answers to these questions. Even when the fraudsters don’t already know the answers, they can use social engineering techniques to bypass security measures.
So what can government agency call centers do to more effectively solve this problem? Pindrop solutions are designed to analyze all aspects of the call to assess the true identity of the caller and detect indicators of fraud. Built around patented Phoneprinting technology, Pindrop analyzes 147 features of the call audio to determine the caller’s true location, device, and risk. Pindrop combines Phoneprinting with reputation analysis, voice biometric blacklisting, and a private enterprise consortium, which allows sharing of threat intelligence across industries.
Publish Date: September 26, 2016 5:00 AM
Congratulations are in order if you’ve never had to experience the pleasure of being robocalled. The rampant growth of the underground phone fraud world is affecting consumers and enterprises alike. As consumers, we may experience calls telling us we are being sued by the IRS (just one of the many scams) and for enterprises, the call centers are a point of entry for costly phone phishing attacks. This shockingly small group of fraudsters are causing explosive amounts of damage, costing Americans about $7.4 billion annually, as noted by the Harris poll.
We can try to register for the Do Not Call lists and be more aware of the unfamiliar numbers calling us, but cyber criminals can easily access our data through social engineering, spoofing and inexpensive data downloads. Enterprises face a bigger challenge. Some have fraud ops teams to help deter or mitigate the risks. However, more and more fraudsters are targeting unprotected call centers. The advancement and rollout of EMV cards are partially to blame, coupled with the amount of consumer data that is readily available.
Our data scientist, Aude Marzuoli, presented at this year’s Black Hat conference on phone fraud scams and the phoneprinting technology to prevent such attacks. Marzouli and the research team reviewed millions of calls, while leveraging the Pindrop honeypot and online comments in combination with machine learning and were able to determine that of the 100,000 call recordings, 51% of the robocalls recorded were placed by 38 distinct telephony infrastructures which could be uniquely identified with more than 85% true detection rate (TDR) on average. So what does this all really mean? Fraudsters are getting more creative, more quickly, and within a small network have an exceptional, growing presence that makes protection from this abuse more challenging.
Publish Date: August 5, 2016 5:00 AM
Black Hat Talk: Call Me…I’ll Gather Threat Intelligence on Your Telephony Scams and Expose Fraudsters
Fraudsters live and die today by executing on what some may call — prank calls. Only the punchline hits businesses in their pockets, leaving law enforcement and companies to ask, “How do we know stop them?” They are robocalls, voice phishers and caller ID spoofers using cybercrime techniques to launch scam campaigns through the telephony channel that many people have long trusted.
Black Hat, one of the premier, highly technical security conferences of the year, welcomes Pindrop Labs Research Scientist Aude Marzuoli to host a session at Black Hat USA 2016.
I am excited for Marzuoli to discuss her latest research findings on the most menacing trends of the telephony channel and describe the calling patterns she tracked via a telephony honeypot. She will share with you her original thesis and how she used Pindrop’s honeypot to gather and analyze accurate and timely information on unwanted phone calls across the United States. By determining how these bad call sources can be quickly and accurately identified using features extracted from honeypot call audio, Pindrop Labs stands to aid law enforcement and businesses across the globe that are combatting rising telephony fraud.
Using machine learning and semantic information collected from honeypot call audio, Marzuoli and her team collected over 500,000 calls over five months from 90,000+ unique source phone numbers. Leveraging this data, Pindrop Labs developed a method to “fingerprint” high-risk call sources, attempting to hide behind phone numbers, and detect them in the first few seconds of a call.
Publish Date: July 29, 2016 5:00 AM
This week in phone fraud, Pindrop Labs released its Top 10 Consumer Phone Scams Report and Pindrop CEO, Vijay Balasubramaniyan, reveals how deep learning can transform the relationship between humans and machines.
On Thursday, USA Today reported the top three phone scams targeting consumers this year are Google listing scams, loan-related scams and fraudsters offering free vacations, an information security company called Pindrop found — by masquerading as unsuspecting customers.
Wednesday, IT Pro Portal reported that ever since humans evolved language, speech has proven to be the most efficient way for us to communicate, from the simplest requests to the most complex ideas. Now, with advances in technology, speech is poised to become the next major transformation of the user interface.
Biometric Update: Biometrics alone will not win the authentication wars – Hackers target banks and any business with a digital presence to steal people’s identities and export valuable private information. Increasingly, hackers are using impersonation methods to pose as individuals to commit fraud digitally and over the phone. Especially in the call center, where fraud is expected to grow by 97 percent between 2015-20 (Aite Group)
Helpnet Security: As voice interaction increases, what will security look like in the next 5 years? – As the accuracy of voice UI grows, it will naturally progress to a means of authentication in the enterprise. However, the enterprise should be concerned about the security implications of tomorrow and what managing voice authentication, in the daily work environment, will mean.
Publish Date: July 29, 2016 5:00 AM
This week in phone fraud, a researcher found a way to trick the ID verification tools used by tech giants Microsoft, Google, and Instagram, and a phone scam in China targets HIV infected people.
On Thursday, Fortune reported that a researcher found a simple yet ingenious way to trick three companies— Microsoft, Google, and Facebook’s Instagram—into forking over money using nothing more than the telephone.
Thursday, New York Times reported that hundreds of people with H.I.V. across China are being called by someone who claiming to be from the government who has access to their medical records and other personal information.
NPR: Scammers Turn To Caller ID “Spoofing” To Pose as Police – Most people know to hang up on con artists supposedly calling from the power company or the IRS, demanding money. The problem is, there’s little the police can do — even when the scammers go so far as to impersonate the police themselves.
Shanghai Daily: Police in China to probe suspected phone scam targeting people with HIV – People with HIV nationwide have reportedly received phone calls from individuals claiming to work for the government. The callers allegedly attempt to collect service fees for “government subsidies for the HIV-infected.”
Publish Date: July 22, 2016 5:00 AM
This week in phone fraud, the Federal Communications Commission passed legislation that exempts government employees and their contractors from certain regulations on robocalls.
On Tuesday, The Washington Post reported that government employees and any contractors working on their behalf are now exempt from regulations on robo-calls designed to protect consumers from annoying phone spam under a new, federal clarification on who is and isn’t allowed to place auto-dialed phone calls and text messages.
Thursday, the Consumerist reported AT&T CEO Randall “Dandy Randy” Stephenson claims his company can’t proactively block robocalls because it first needs permission from the FCC, and AT&T employees have more than a dozen different explanations for why the telecom giant has done nothing to rein in these unwanted, pre-recorded and auto-dialed calls.
Security Info Watch: Data Breach Digest: Breach trends that will define incident response – At the start of the year, Experian developed a forecast of breach trends that companies should look out for over the coming year, drawing from its experience servicing thousands of breaches each year as well as insight from expert partners in the indistry.
Yahoo Finance: Counterfeit Credit Card Fraud Reaches Lowest Level Since 2013; Other Fraud Types Increase, says Auriemma Consulting Group – The US credit card market’s move to EMV chip technology has helped reverse a years-long trend of increasing counterfeit fraud, new data from Auriemma Consulting Group (ACG) shows. Howeve, fraud in other channels is increasing.
Publish Date: July 8, 2016 5:00 AM
Page: 1 | 2